Shared Flashcard Set

Details

CISSP Domain 6 - Security Architecture and Design
From Eric_Allaire PDF
33
Computer Science
Professional
05/20/2014

Cards

Term
Primary Storage
Definition

Primary Storage is a temporary storage area for data entering and leaving the CPU 

 

Term
Random Access Memory (RAM)
Definition

Random Access Memory (RAM) is a temporary holding place for data used by the operating system. It is volatile, meaning that if it is turned off the data will be lost.

 

Two types of RAM are dynamic and static. Dynamic RAM needs to be refreshed from time to time or the data will be lost. Static RAM does not need to be refreshed.

Term
Read-Only Memory (ROM)
Definition
Read-Only Memory (ROM) is non-volatile, which means that when a computer is turned off the data is not lost. For the most part, ROM cannot be altered. ROM is sometimes referred to as firmware.
Term
Erasable and Programmable Read-Only Memory (EPROM)
Definition

Erasable and Programmable Read-Only Memory (EPROM) is non-volatile like ROM; however, EPROM can be altered.

 

Term
Process states:
Definition

Stopped, waiting, running, ready 

 

Cooperative computing is when ??

Preemptive computing  ??

 
Term
The arithmetic logic unit (ALU)
Definition
The arithmetic logic unit (ALU), which performs arithmetic and logical operations
Term
The control unit
Definition

The control unit, which extracts instructions from memory, decodes and executes them, and calls on the ALU when necessary.

 

Term
Threads
Definition
Threads are parts of a process that can execute independently of other parts.
Term
Multitasking
Definition

The ability to execute more than one task at the same time is called multitasking. The terms multitasking and multiprocessing are often used interchangeably, although multiprocessing implies that more than one CPU is involved. 

 
Term
Threading
Definition

The ability of an operating system to execute different parts of a program simultaneously is called threading.

Term
Virtual memory:
Definition

Virtual memory: It combines the computer’s main memory with the secondary storage to make them look like one. When the main memory is filled, the memory manager starts filling the swap space on the hard drive (“swapping”). When an application calls for the data in the swap space, it pages the memory back to the main memory. The memory manager keeps a page table to track the frames and is located between the application and the main memory. Each page is a 4 to 8 Kbyte segment.

Term
Operating states
Definition
Operating states: the computer works in different security modes depending on the classification and clearance. A single-state machine operates in the security environment at the highest level of classification of the information within the computer. In other words, all users on that system must have clearance to access the info on that system. On the other hand, a multi-state machine can offer several security levels without risk of compromising the system’s integrity.
Term
Security modes of operation:
Definition
Security modes of operation: there are two modes. One is the dedicated security mode, where all users have the same clearance and need-to-know to read the information. The other is the compartmented security mode, where all users have the clearance but not the need-to-know.
Term
Protection rings:
Definition

Protection rings: 

Ring 0 - Operating system kernel. The OS’ core. The kernel manages the hardware (for example, processor cycles and memory) and supplies fundamental services that the hardware does not provide. 

Ring 1 - Remaining parts of the operating system 

Ring 2 - I/O drivers and utilities 

Ring 3 - Applications and programs

Term
Bell-LaPadula:
Definition
Bell-LaPadula: A model based on the simple security rule, under which a subject cannot read data at a higher security level (no read up), and the security rule under which a subject cannot write information to a lower security level (no write down, or *). This model enforces confidentiality. Used by military and government organizations.
Term
Biba:
Definition
Biba: Similar to Bell-LaPadula but enforces the integrity star property (no write up) and the simple integrity property (no read down). This model prevents data from other integrity levels from interacting. Used mostly by commercial organizations.
Term
Clark-Wilson:
Definition
Clark-Wilson: A model that protects integrity by requiring a subject to access data through an application, thus separating duties. This model prevents unauthorized users from modifying data; it maintains internal/external reliability and prevents authorized users from wrongly modifying data.
Term
State Machine:
Definition

State Machine: The model from which Bell-LaPadula and Biba are derived. It protects itself from any activity that occurs in the system, including state transitions. It determines what resources a subject can or cannot access.

 
Term
Information flow:
Definition
Information flow: It focuses on object security policy to control resources (ACL), allowing or restricting access to an object from a subject. The information flows in the way the policy dictates.
Term
Non-interference:
Definition
Non-interference: In a multi-level system (secret, confidential…), the system provides different levels through domains, and each domain or environment dictates what the users can access. Each domain does not affect another domain.
Term
Brewer and Nash:
Definition
Brewer and Nash: The Chinese model provides dynamic access control depending on the user’s previous actions. This model prevents conflicts of interest by stopping members of an organization from looking at information that creates a conflict with another member of that organization. Ex.: lawyers in a law firm with opposing clients.
Term
Graham-Denning:
Definition

Graham-Denning: This model is based on specific commands that a user can execute on an object.

 
Term
Harrison-Ruzzo-Ullman:
Definition
Harrison-Ruzzo-Ullman: This model is the same as above, but it defines how access rights can be changed.
Term
Trusted Computer System Evaluation Criteria TCSEC:
Definition

Trusted Computer System Evaluation Criteria (TCSEC): (Orange) From the U.S. DoD, it evaluates operating systems, applications and systems. It doesn’t touch the network part. It gives the customer a gauge of what their system is rated and provides a set of criteria for the manufacturer to follow when building a system. The breakdown is:

 
Term
TCSEC break down
Definition

• D – minimal protection, any system that fails higher levels.

• C1, C2 – Discretionary security protection. (1) Discretionary protection (identification, authentication, resource protection). (2) Controlled access protection (object reuse, protect audit trail). 

• B1, B2, B3 – Mandatory protection (security labels) based on Bell-LaPadula security model. (1) Labeled security (process isolation, device labels). (2) Structured protection (trusted path, covert channel analysis). (3) Security domain (trusted recovery, monitor event and notification).

• A1 – verified protection/design. 

 
Term
Rainbow series:
Definition

Rainbow series: Red (network), brown (trusted facilities management), tan (audit), aqua (glossary).

Term
Information Technology Security Evaluation Criteria ITSEC:
Definition

Information Technology Security Evaluation Criteria (ITSEC): It is used in Europe only, not the USA. Unlike TCSEC, it evaluates functionality and assurance separately. Assurance is rated from E0 to E6 (highest) and functionality from F1 to F10 (highest). Therefore a system can provide low assurance and high functionality or vice versa.

Term
ITSEC functional requirements
Definition

Functional requirements: identification/authentication, audit, resource utilization, trusted paths/channels, user data protection, security management, TOE access, communications, privacy, cryptographic support. 

 

• F1 – F5 mirror functionality 

• F6 required for systems with high integrity, i.e. DBs

• F7 high availability on system 

• F8 high confidentiality on system

• F9 high integrity on communications 
• F10 high demand on integrity and confidence during communications
 
Term
ITSEC assurance requirements
Definition

Assurance requirements: guidance document, configuration management, vulnerability assessment, delivery and operation, life cycle support, assurance maintenance, development, and testing. 

 

• E0 inadequate assurance assigned to failed E1 

• E1 informal design 

• E2 informal design, testing, config control

• E3 testing evidence of security mechanism 

• E4 formal policy, semiformal spec on function architecture

• E5 close correspondence between source & design 

• E6 formal spec of architectures, formal policy

Term
Common criteria
Definition
Common Criteria is an international standard to evaluate trust. Because TCSEC had too rigid security and ITSEC had loose security criteria, the ISO produced the Common Criteria evaluation. It is a combination of TCSEC, ITSEC, CTCPEC, and the Federal Criteria. It defines two sets of requirements, functional and assurance, then combines them in one rating.
Term
The Evaluation Assurance Levels (EAL)
Definition

Evaluation Assurance Level 

EAL 1 – functionally tested

EAL 2 – structurally tested

EAL 3 – methodically tested and checked

EAL 5 – semiformally designed and tested

EAL 6 – semiformally verified design and tested

EAL 7 – formally verified design and tested

 
Term
Common Criteria Ratings
Definition

CS-1 equivalent to TCSEC C2 

CS-2 separation of duty, usage of ACL, strong password, availability, enhanced security, audit mechanisms.

CS-3 Role-based control, non-discretionary control, strong authentication, administration and assurance. 

 
Term
Certification Vs Accreditation:
Definition

Certification Vs Accreditation: 

Certification is the set of technical procedures that renders the accreditation. It uses safeguard evaluation, risk analysis, verification, testing and auditing techniques to assess the system’s suitability for the security level. Accreditation is a formal process to approve the system. The certification is presented to higher management and is then approved by them.
